feat(note): Templating for external secrets

Signed-off-by: Axel Lender <lender@b1-systems.de>

docs/external-secrets.md

@@ -0,0 +1,38 @@
+<!--
+SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-License-Identifier: Apache-2.0
+-->
+
+<h1>External Secrets</h1>
+
+This document covers how to utilise external secrets and special requirements.
+
+<!-- TOC -->
+* [General](#general)
+* [Components](#components)
+  * [Notes](#notes)
+<!-- TOC -->
+
+# General
+
+For most components when set the external secret will supersede e.g. a password in a `values.yaml` file.
+
+The file [`external_secrets.yaml`](/helmfile/environments/default/external_secrets.yaml.gotmpl) lists all possible references to external secrets that are currently implemented in openDesk.
+
+# Components
+
+This section covers information and special requirements to external secrets that some Helm Charts expect.
+
+## Notes
+
+There are some values that consist of more than just one secret part.
+
+```yaml
+backend:
+  configuration:
+    django:
+      superuserEmail:
+        value: {{ printf "default.admin@%s" .Values.global.domain | quote }}
+    redisUrl:
+      value: "redis://default:{{ .Values.cache.notes.password | default .Values.secrets.redis.password }}@{{ .Values.cache.notes.host }}:{{ .Values.cache.notes.port }}/7"
+```